Fortuna: Add failpoints to simulate initial seeding conditions

Set debug.fail_point.random_fortuna_pre_read=return(1) and
debug.fail_point.random_fortuna_seeded=return(1) to return to unseeded
status (sort of).  See the Differential URL for more detail.

The goal is to reproduce e.g. Lev's recent CURRENT report[1] about failing
newfs arc4random(3) usage (fixed in r338542).

No functional change when failpoints are not set.

[1]: https://lists.freebsd.org/pipermail/freebsd-current/2018-September/071067.html

Reported by:	lev
Reviewed by:	delphij, markm
Approved by:	secteam (delphij)
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D17047

1 files changed, 21 insertions, 0 deletions

diff --git a/sys/dev/random/fortuna.c b/sys/dev/random/fortuna.c
index 866899846212..3a46d527fa9a 100644
--- a/sys/dev/random/fortuna.c
+++ b/sys/dev/random/fortuna.c
@@ -39,6 +39,7 @@ __FBSDID("$FreeBSD$");
 
 #ifdef _KERNEL
 #include <sys/param.h>
+#include <sys/fail.h>
 #include <sys/kernel.h>
 #include <sys/lock.h>
 #include <sys/malloc.h>
@@ -385,6 +386,18 @@ random_fortuna_pre_read(void)
 	}
 
 #ifdef _KERNEL
+	/*
+	 * When set, pretend we do not have enough entropy to reseed yet.
+	 */
+	KFAIL_POINT_CODE(DEBUG_FP, random_fortuna_pre_read, {
+		if (RETURN_VALUE != 0) {
+			RANDOM_RESEED_UNLOCK();
+			return;
+		}
+	});
+#endif
+
+#ifdef _KERNEL
 	fortuna_state.fs_lasttime = now;
 #endif
 
@@ -442,5 +455,13 @@ bool
 random_fortuna_seeded(void)
 {
 
+#ifdef _KERNEL
+	/* When set, act as if we are not seeded. */
+	KFAIL_POINT_CODE(DEBUG_FP, random_fortuna_seeded, {
+		if (RETURN_VALUE != 0)
+			fortuna_state.fs_counter = UINT128_ZERO;
+	});
+#endif
+
 	return (!uint128_is_zero(fortuna_state.fs_counter));
 }